TechRound has collected expert opinions for Safer Internet Day 2021.
Safer Internet Day aims to raise awareness of emerging online issues and current concerns.
Many experts highlight the importance of making a password unique and complex.
It is very important to know where your data lives and who has access to it.
It is harder today to stay safe online than ever before!
The internet has transformed our lives. We can do pretty much anything online today. We rely heavily on the internet for almost every task as it is faster and easier to complete. However, the internet is not as safe as it may feel. The fact that we can get everything done so easily comes at a price and has become the bane to our safety. With more people venturing into the digital space, sharing more information, it has become a breeding ground for cyber criminals.
The number of daily internet users is ever-increasing, with many more people sharing private and sensitive information online, and cyber criminals are taking advantage of them. Cyber crime has grown enormously over the last few years, becoming a massive issue for individuals, organisations and companies. As a result, it has become more important than ever to take precautions. Not doing so can result in the loss of money and sensitive information.
So, today, for Safer Internet Day 2021, we want to remind you of the different ways individuals and companies can stay protected while using the internet. Below, 33 experts explain the safety measures you can take to prepare for and react to cyber crime, and how to stay safe on the internet.
Our Panel of Experts:
- Nadia Kadhim – CEO of Naq Cyber
- Oliver Obitayo – Chief Sales Officer at IDnow
- Jamie McCann – Founder of VuePay
- Nir Chako – Security Research Team Leader at CyberArk
- Tony Pepper – CEO of Egress
- Manjit Sareen – CEO and Co-founder of Natterhub
- David Price – CEO of Health Assured
- Andrea Babbs – UK General Manager at VIPRE SafeSend
- James Martinez – Founder of All Things Digital
- Sarah Lyons – Deputy Director for Economy & Society at National Cyber Security Centre (NCSC)
- Victor Kritakis – CISO of TalentLMS and TalentCards, eFront
- Gal Ringel – Co-Founder and CEO of Mine
- Daniel Markuson – Digital Privacy Expert at NordVPN
- Rowan Troy – Senior Cyber Security Consultant at Littlefish
- Gav Winter – CEO of RapidSpike
- Brandon Akal – Lead Security Analyst at Blue Frontier
- Nick Blake – Cyber Security Consultant at Gemserv
- Sunday Yokubaitis – CEO of Golden Frog
- Jason Meller – CEO and Founder at Kolide
- Caleb Chen – Marketing Specialist at Private Internet Access
- Chris Hickman – Chief Security Officer at Keyfactor
- Chris Hauk – Consumer Privacy Champion at Pixel Privacy
- Lewis Jones – Cyber Threat Intelligence Analyst at Sy4 Security
- Paul Bischoff – Privacy Advocate at Comparitech
- Javvad Malik – Security Awareness Advocate at KnowBe4
- Jordan Dunne – Cybersecurity Consultant at Edgescan
- Mark Ruchie – CISO at Entrust
- Rita Nygren – Business System Administrator, BI and Project Management at Tripwire
- Andy Renshaw – VP, payment solutions and strategy at Feedzai
- Tim Helming – Security evangelist at DomainTools
- Trevor Morgan – Product Manager at comforte AG
- Stephen Burke – CEO of Cyber Risk Aware
- Chris Hazelton – Director of Security Solutions at Lookout
Nadia Kadhim – CEO of Naq Cyber
“Careless internet habits can expose us to more risk than we’d like to know or are prepared for. Not only are we at risk of damaging our reputation, but it can have serious consequences to our career, our businesses and even our wallet. In reaction to the Corona outbreak and the resulting shift to remote working, criminals have increasingly targeted small businesses and individuals, leaving all of us exposed whilst we’re using the internet as part of our day-to-day and professional lives. The aim of cybercrime is to steal data, generate profits and cause disruption. We know we have to do something when it comes to securing ourselves, but it’s hard to figure out what to do or where to start.
The main risk comes from our online behaviours, which can leave us exposed to a number of threats, most commonly an account breach or phishing attack. Receiving a phishing email, in and of itself, is not a risk, just annoying. However, many people respond to phishing attacks, and that’s where the real damage is done. The effects are numerous but can range from your computer being infected with viruses or ransomware through to making you send money to criminals.
Luckily, there are some cybersecurity best practises that everyone can and should follow. I always like to start with this metaphor: When we leave the house, we wouldn’t leave our windows and doors unlocked with all of our precious belongings out in the open for criminals to steal. Treat your online accounts as you would your home and belongings and lock those doors and windows (i.e. accounts). We can do this easily by creating unique and strong passwords for each account and turning on 2-factor authentication wherever possible.
After locking everything up, we still need to beware of what we share online. Not only does Facebook love to know everything about us, but so do hackers. They can use the information you’ve shared about yourself, your family and your work to their advantage to create more targeted attacks.
And finally, resist the urge to click links or open attachments if you have even the slightest doubt about where they’ve come from. If you’re faced with an urgent or unusual request that appears to be from someone you know, pick up the phone to check it’s genuine. Better safe than sorry.”
Oliver Obitayo – Chief Sales Officer at IDnow
“Covid-19 has significantly accelerated global digitalisation – experts suggest by as much as five to eight years. Many industries and businesses have had to quickly adapt and pivot in order to retain their share of the market, placing huge pressure on firms to implement technology in order to deliver this digital, remote experience.
Thankfully, technology innovation has been the main driver of the identity verification market for many years, enabling the sector to meet the significant rise in demand with speed and efficiency. In our recent Security Report, we reported significantly higher demand for our products and services as restrictions around Covid-19 continue to push digitisation. There was a strong increase of 250% in fraud attempts this year, with new developments in identity fraud heavily impacting the global cybercrime figures.
Our order intakes rose by 358% year-on-year, while transactions via IDnow AutoIdent grew tenfold, with an increase of 1,000% in the number of transactions recorded between January and June 2020.
In the face of a continuing global pandemic, digital solutions are needed now more than ever before as businesses seek ways to deliver a safe and secure online experience for their customers.
Rise of consumerisation
Consumers have come to expect a seamless online experience, even more so this past year since the pandemic drove the entire world to their smartphone or laptop and this consumerisation megatrend has now hit onboarding processes and Know Your Customer (KYC).
Most end users expect all processes they encounter to be available in an App, instantly granting them access to the service or product they demand. To remain relevant, firms must fulfil this expectation and with that, comes a need for hardcore technology that will deliver compliance and security.
This consumerisation is likely to continue to grow as more and more customers switch their lives and interactions with businesses online.
Embedding and improving existing technologies
This year will see a focus on embedding and improving some key technologies that make the identity verification market as secure as it is. Priorities will be enhancing the use of Artificial Intelligence and sophisticated technology in order to drive automation and detection of dynamic security features in ID documents. In addition, Machine Learning, biometric face recognition, 3D modelling, wallet and reusability and integrated electronic signatures (eIDAS standard) processes will be improved.”
Jamie McCann – Founder of VuePay
Nir Chako – Security Research Team Leader at CyberArk
Protecting against malicious URLs
“Malicious URLs are web links created with the purpose of either scamming, launching cyber attacks or perpetrating fraud, so any time you are fooled into clicking on one of these represents a clear and present danger to your data. They are often used for phishing, whereby the victim is deceived into giving up data like bank details or passwords and other important credentials.
Malicious URLs can also host viruses and malware, run code on your laptop, or redirect a user to other internet locations from which they can launch ransomware. These types of URLs are a constant threat to both personal and business devices but are easy to avoid. Be wary when you are asked to click on something unexpected and use services like VirusTotal to check files and weblinks are safe before you visit them.
Update your router so attackers don’t have an easy way into your home network
Being mindful of the security of your data is not just about being wary of phishing attempts and malicious websites. Attackers can easily get into your home network through taking advantage of out-of-date firmware on internet routers. Firmware is the software that your router runs on, and old firmware contains many widely-known, easily compromised security vulnerabilities, so it’s important to keep it regularly updated.
Making sure your router is up-to-date not only reduces the risk to your own personal information and devices on your home network, it also helps safeguard against attacks on your employer that might inadvertently come via your home network.”
Tony Pepper – CEO of Egress
“My top tip for staying safe online is to practice vigilance when it comes to email to avoid falling victim to a phishing attack. Since the beginning of the pandemic there’s been a surge in fraudulent activity, and many phishing emails are highly convincing. Cybercriminals will use clever social engineering techniques to pressure or trick recipients into sharing their sensitive data – recently, for example, there’s been a new wave of phishing emails purporting to be from HMRC or even offering the Covid-19 vaccine.
I would always recommend double-checking the sender’s email address; even better if you have legitimate emails to compare it to. For example, if the email claims to be from a certain retailer, check this against previous emails you’ve received from that retailer, or even reach out to them via their website to check. Hover over any links before clicking and always question why the sender might need your personal information – particularly when it comes to highly sensitive information such as card details.
You can often spot a phishing email by looking closely at the email’s grammar and spelling – there could be obvious errors which will give the game away. If you’ve received a phishing email, the best thing you can do is report it to the NCSC’s Suspicious Email Reporting Service, then delete it from your inbox.”
Manjit Sareen – CEO and Co-founder of Natterhub
“We live in an increasingly screen-based world. Children who’ve grown up online have more opportunities to learn and connect than ever before, but simply teaching them how to use their devices is not enough. Children also need to know how to understand how to use the internet appropriately if they’re to become resilient and empathetic digital citizens.
At Natterhub, we’ve found that more than one in five primary schools only teach online safety lessons once per year, so Safer Internet Day is a hugely essential initiative. The motto of the day is together for a better internet, and education is how we make this a reality.
Natterhub Online Safety Tips
1. Set up parental controls.
Parental controls are the best way to make sure your children don’t see anything inappropriate while they’re online. Our Online Safety Guide has simple step-by-step instructions for your devices and web browsers, as well as information on some of the most popular apps and games out there. Don’t forget to make sure these are active on your mobile network, not just on WiFi!
2. Make sure you’re ‘appy with the apps your children are using.
Parental controls are also where you can set age limits so children can’t download any apps that are unsuitable for them. Be sure to turn off location sharing in the apps they use regularly. You should also turn off in-app purchases so you don’t get any nasty surprises in your next bank statement!
Is your child’s screen time balanced?
Think about the ways your children are using screens. Are they being active, doing something creative or talking to their friends? Or are they being passive and just watching mindless videos? Think about other things you could do with them to stimulate their creativity.
3. Be clear what information can and can’t be shared
We all love to share things online, but we all have some things we should keep private. Make sure your children know not to share personal information like their full name, their school or their address with strangers!
4. Make yourself a trusted adult
As well as learning about blocking and reporting inappropriate content, children need to know that they can come to you if they have a problem. If they do share a problem with you, try to actively listen without judging, and make sure you know who else you can turn to if you need extra help. There are all kinds of organisations out there that can help, including the Internet Watch Foundation and the NSPCC.
5. Start a conversation
We know it can be awkward to talk to your children about what they get up to online, but starting a conversation means they’re more likely to come to you with a problem. Start with open-ended questions, like “How do you feel about…?” We also recommend having ‘sideways conversations’ – start a chat while you’re in the car, or going for a walk together!
6. Don’t just talk about the scary stuff!
It’s important that children see all the positive things about being online, not just the risks. Take an interest in the things they do online and start an ongoing discussion, and you’ll find it much easier to slip the subject of online safety in there!”
David Price – CEO of Health Assured
“With most of us staying at home most of the time right now, online shopping, remote work and socialising has seen a boom. Alongside that has come more and more phishing, social engineering and hacking. It’s important for employees to understand the basics of online safety, how to protect your accounts, identity and data. Here are a few tips to keep you safe online.
You should keep your work passwords just as secret as the passwords to your personal email. Make sure you don’t write your passwords down or think about using a password locker to keep them secure. There are some good practice rules to keep your passwords secure including: never re-using the same password twice, don’t include personal information such as birth dates and never share your password with anyone.
Cyberattacks can be subtle to the point of invisibility. Phishing emails, malware and fraudulent websites can catch out even the most IT-savvy people—unless you take care. Treat emails asking for details with suspicion. For example, if you receive an email from the bank asking to confirm a transaction which you don’t recognise, call the bank from a number on their website.
2-factor authentication (2FA) is a great way to ensure security when it comes to logging in to equipment, accounts or emails. It’s another layer—effectively, like adding another lock to a door. Have you ever received a text to your phone giving you a second passcode to log in to your social media? That’s 2FA.”
Andrea Babbs – UK General Manager at VIPRE SafeSend
“The cybersecurity landscape continues to evolve as cyber criminals become ever more sophisticated, and digital security tools accelerate to mitigate these risks as much as possible. 2020 presented even more opportunities for hackers to strike as a result of the COVID-19 pandemic, with workforces scattered across their homes, away from IT teams and potentially on unsecured devices and/or networks.
Email remains the most-used communication tool, even more so when remote working, but it also remains the weakest link in IT security, with 91% of cybercrimes beginning with an email. It only takes one incorrect character or autocorrect taking over for sensitive information to land in the wrong inbox. And what if that recipient is a competitor or cyber-criminal?
By implementing innovative tools that prompt employees to double-check emails before they send them, it can help reduce the risk of sharing the wrong information with the wrong individual.
Additionally, the risk an individual poses can often be the main source of vulnerability in a company’s IT infrastructure. By re-educating employees about existing products and how to leverage any additional functionality to support their decision making, users can be updated on these cyber risks and understand their responsibilities.
Security awareness training programmes teach users to be alert and more security conscious as part of the overall IT security strategy. In order to fully mitigate IT security risks and for the business to benefit from an educated workforce, both in the short and long term, employees need to change their outdated mindset.
But the key to a successful and safe agile workforce is to shift the approach of full reliance on IT, to a mindset where everyone is alert, responsible, empowered and educated with regular training, backed up by tools that reinforce a ‘security first’ approach. Users need to work mindfully and responsibly on the front lines of cyber defence, comfortable in the knowledge that everything they do is underpinned by a robust and secure IT security infrastructure, but that the final decision to click the link, send the sensitive information or download the file, lies with them.”
James Martinez – Founder of All Things Digital
“Staying safe online is a hard thing to do nowadays. So many people and companies are harvesting and capitalizing on the data and information that your activities share with them. Whether you realize it or not.
One of the best ways to ensure that you are staying safe online is to always make sure you’re on the proper website for whatever it is you’re trying to do. Never click on the link in an email and then login from that page. This could be a phishing scam where people make a different webpage that looks the same as what you were expecting to log into, and then when you enter your data, they now have your logins for the real sites!
This can be for social media, banking, web applications and any other type of webpage you may use. To be safe, always go directly to the website for the institution you’re trying to log into. This will help you feel more confident you are not being taken advantage of.
Another great way to stay safe online is ensuring that you actually know people who are requesting to connect with you or become friends with you on social media. Many people are connecting with strangers and then taking pictures and videos from their profiles to trick other people into becoming friends and then taking advantage of the connection.
To be safe, if you use social media sites, make sure that the people who you accept connections from are real people you know or have mutual friends with you. Then once you connect with them, be sure to check out their profile to ensure that they are a real and genuine person that truly wants to connect with you and not someone looking to just steal your pictures, data or information.
A big topic that is prevalent today is political news and information. Unfortunately these topics can strike a chord with many people and can then be leveraged with misinformation and calls to action. When you see a news source, or any sort of information that has significant consequences to society, be sure to investigate the source of the news story. Many people are quick to share content that is in alignment with their beliefs, but the actual content itself may be false or misleading.
Don’t fall into the trap of reading and believing misinformation or even worse, sharing it. Be sure that you research the source of the content before giving it additional visibility on social media sites. Words do have consequences.
It can be frustrating but unfortunately, many people want to utilize technology to take advantage of those people who are less comfortable with it. If you are unsure about anything that you come across online or on your phone, be sure to check with someone else who is more comfortable with technology than you are.
There is no shame in being safe on the Internet. It is better to be safe than sorry, and unfortunately those who fall into the sorry category generally have large consequences that go along with that little bit of embarrassment.”
Sarah Lyons – Deputy Director for Economy & Society at National Cyber Security Centre (NCSC)
“As you reach for your phone to book the weekly shop, check in remotely with work mates or log into another virtual quiz, it probably won’t surprise you to learn that UK internet use has doubled in the last year*. During the pandemic, video calls, chat platforms, and online payments have all played an important role in keeping things ticking. This makes it essential that we don’t take our eye off the ball when it comes to online security.
While we are busy organising our lives using the internet, cyber criminals are busy exploiting the pandemic by bombarding us with email scams and setting up fake websites. The National Cyber Security Centre (NCSC) has seen all kinds of Covid related online scams over the last year from fake online shops selling non-existent PPE to bogus adverts offering a fast track to the vaccine.
The good news is that the NCSC has come up with six practical steps that you can take to protect your devices and to stay secure online. As today is Safer Internet Day, the NCSC is encouraging everyone to visit its Cyber Aware website to find out more about the six steps:
- Use a strong and separate password for your email
- Create strong passwords using 3 random words
- Save your passwords in your browser
- Turn on two-factor authentication (2FA)
- Update your devices
- Back up your data”
Victor Kritakis – CISO of TalentLMS and TalentCards, eFront
“Starting with the obvious, users shouldn’t live a day online without antivirus software. And make sure your antivirus is always up-to-date, as well as your operating system and all software on your PC.
But antivirus programs are not a panacea for cybersecurity threats. To stay safe while browsing, always be very vigilant about which websites you visit and make sure that they all are “https” and that the lock indication is “connection secure”. When downloading a file, do so only from trusted sources and bear in mind that even a .doc or an .xlsx file can be harmful.
What is also extremely important is to use strong and different passwords for each website. And avoid keeping them stored in plaintext or on your browsers. The safest way is to use a “password manager”. Such a tool fills in random strong passwords for each website, keeps all of them stored in one place and you don’t have to type them every time you log in. It is important to use a password manager for all services that you use, for your bank accounts, your social media, eshops, and other websites.
Also be extra cautious when somebody asks for your personal data, or passwords, or prompts you to click on a link. A bad actor can assume a false identity, even tricking you into believing you’ve got an email from your bank. Such cybersecurity attacks are called “email spoofing”. Be very careful if you encounter any strange and unusual behavior during a communication. The safest path is to always double check who the sender is. Even if somebody at first seems familiar and asks for personal information, always double check their identity with them directly, for example by calling them before you share anything.”
Gal Ringel – Co-Founder and CEO of Mine
“The first step, and arguably the most important, in making sure you are staying safe online is knowing where your personal data lives. On average, 350 companies hold a given consumer’s personal data – from identity and financial information to online activity. The larger your digital footprint is, the greater your risk is in being victim to hacking and data breaches, which we constantly see in the news.
For many, the thought of hundreds of companies harboring your personal information is overwhelming – but it doesn’t have to be. We created Mine to empower users to take back control of their data with ease. In just minutes, Mine identifies companies that hold the personal data of consumers, the type of data that they hold on you and the associated risk level.
In addition to helping users keep track of their digital footprint with updates and recommendations, Mine also provides the tools to exercise the “right to be forgotten”. Mine allows users to send official data deletion requests with the click of a button to companies to remove their personal information from them and monitors the status of these requests to ensure action is taken.
In addition to monitoring your digital footprint and making sure that you only keep your data where you need it, it’s important to be more mindful of what brands you are allowing access to your information. Many of us quickly click “yes” to disclaimers in order to gain access or benefits from a brand without checking what we are agreeing to, but these interactions could potentially put you at risk for breaches in the future.
Make sure to check if you’re getting value for the data that you’re sharing with online services and prioritize brands that provide you with value and transparency over what they do with your data.”
Daniel Markuson – Digital Privacy Expert at NordVPN
“1. Install and use antivirus software. Using a trustworthy antivirus program is a good way to protect against notorious cyber threats coming from the web. Make sure to install updates as soon as possible.
2. Use a firewall built to create a barrier between your internal network or your device, and external traffic coming from the internet. A firewall, sometimes also called a network firewall, is a cybersecurity tool that filters incoming and outgoing traffic.
3. Use unique and complex passwords for different accounts. Once hacked, your credentials can be checked against other services, such as email or online banking. To help you navigate through the sea of passwords, use a password manager like NordPass, which generates secure passwords and stores them in a protected vault. This applies to your Wi-Fi router too.
4. Use two-factor authentication. Just entering a password isn’t enough as hackers can also gain access to your phone or email. The 2FA process adds an extra security layer to your account, making it harder for malicious actors to attack and steal your data.
5. Avoid browsing on public Wi-Fi unprotected. If you have to log in to your online account on a network you don’t fully trust, use a VPN like NordVPN to make your connection private. A VPN encrypts all communications passing between your device and the internet so no outsider can intercept it.
6. The best way to keep your valuable data safe is to encrypt it and back it up in the cloud so hackers can’t prevent you from accessing it or threaten to wipe it out. NordLocker, a user-friendly file encryption solution, also offers a private encrypted cloud for easy access and secure data storage.
7. Cover your webcam. In this era of video chatting, computer cameras are used all the time. There is always a possibility to join a meeting by mistake or be spied on by third parties. Just like any other tech devices, webcams are prone to hacking, which can lead to a serious privacy breach.
We repeat the same rules of precaution. Use unique and complex passwords, store them in a password manager, and never click on suspicious links. It is also highly recommended to use protective software like a VPN to browse safely and avoid viruses. Last but not least, do not share your private data with anyone.”
Rowan Troy – Senior Cyber Security Consultant at Littlefish
“In support of Safer Internet Day, here are some tips on what to remember, look out for, and be aware of when using the Internet, whether personally or at work. We are all capable of making the internet safer for ourselves, and you don’t need to have a fountain of knowledge to do it:
- Being asked to use your access or provide money to someone? Remember this phrase, Suspect, Ask, Verify, Engage or SAVE. If you suspect, ask the person, verify the individual and then engage by taking the appropriate action. SAVE yourself!
- Use passphrases, forget passwords – Passwords are too easy to guess. Think of your favourite song and use three words from the verse or chorus. This is far harder for a machine to guess and naturally increases the length.
- Refuse to reuse! Don’t reuse the same password or passphrase. If the credentials are stolen from a breach, anyone can take those and try them with every popular service or website to see if they can gain access.
- If your memory isn’t good, use the computers instead. A password vault can help store all your account passwords for every service you need. This way, you can secure all those passwords that are different and not remember them.
- Turn on two-step authentication. If the website or service can, turn on two-step authentication. Although it might seem like a burden, it can stop anyone who does acquire your username and password from getting to your account.”
Gav Winter – CEO of RapidSpike
Shopping online is scary to some but normal to most, but the question is should you be scared?
“The answer is no (well maybe a little!), but you must be vigilant, very vigilant. You see, hackers never stop, they are global, they are 24/7, and they don’t care how scared or blasé you are about internet security, they just want your data, and it sells at a premium.
Each individual is just a stream of data to a hacker with varying degrees of importance. They like payment details, addresses, private information or company confidential information; every piece of data is valuable. It’s not personal though, please never think it is (unless you are famous or rich then it might be!), it’s business (to them) but there are a number of ways you can reduce your personal risk:
- You may see a “Not Secure” or “Website Not Secure” message. Do not enter your information on these sites, they are not protected well enough. Think – No HTTPS, no shopping!
- The more adverts you see on a site the more risky it is, carefully consider sites with lots and lots of adverts and lots of third party providers.
- Further, the adverts that you see on those sites also carry risk, especially if they take you away from your original goal.
- Look closely at the content, if there are errors, broken language or spelling mistakes this is highly likely to be a scam website.
- You can use WhoIs to find out if a website domain is legit, there are tools out there to help you find out.
- And you can see if you have already been compromised by using sites like haveibeenpwned.
There are many ways to keep safe personally, and for businesses to keep your data safe. At RapidSpike, we are all avid online shoppers and we like to help make websites fast, reliable and safe. Knowing what we know about the risks has not put us off buying our products online, we just make sure we are careful and shop with companies who care about our data and customer experience.”
Brandon Akal – Lead Security Analyst at Blue Frontier
“In today’s world, where everything we do is in some way online, keeping yourself safe and protected, is the new form of self-defence. Ensuring that you have the correct procedures in place to protect yourself, should be part of your daily routine. Information is fast rising as the most valuable commodity on the black market, and every day we are hearing of more and more people falling victim to identity fraud.
There are two key tenets involved in keeping yourself safe online:
1. Information sharing
2. Identity protection
As criminals become more sophisticated with the methods that they use to obtain people’s information, we should really be looking to scale back what we share, how we share it, and how we secure that information. Human beings always want to share information about themselves in order to seek affirmation that what we are doing is noticed by other human beings. This results in the over-zealous sharing of information that we would not, in other circumstances, ordinarily share with strangers.
Having spent some time in the Army, I used to prepare information security presentations for soldiers of all capabilities. One of the key aspects I focused on, was the sharing of information that could be used to create a “target pack” of an individual. This could include geo-tagging enabled on photos that are uploaded to social media platforms, running or cycling routes that are uploaded to social fitness platforms, and “checking-in” to certain locations. This is all information that we readily push out.
Now, this is obviously a case tailored to a military application, but revealing all this information could still provide criminal elements with a wealth of information to use against you.
How we access the platform(s) we share that information on is a system that is always under attack. Criminal elements will seek to gain your credentials through any means they can. This can include phishing emails, phishing voice calls (vishing), fake login pages or sites, and could even be something as innocent as signing a register for someone purporting to be a local government representative.
There are a number of ways we can mitigate both threats, and ensure our online safety.
1. If you wouldn’t say it, or share it, or make it known to Joe Bloggs walking down the street, then don’t share. Simple.
2. Keep your information sharing circle small and intimate.
3. Enable multi-factor authentication on every account possible.
4. Practice a good level of password hygiene. Don’t add an extra digit or symbol onto your current password. Don’t make your password something that could be easily guessed. Make it something that only you could ever remember – perhaps your favourite colour, number and shape combined with something random that you always carry, for example: “The red yacht had 8 rings.”
Don’t share it. Enable multi-factor authentication. Strengthen your password.”
Nick Blake – Cyber Security Consultant at Gemserv
Working From Home, tools to help you stay safe online
“In 2021 cyber-attacks are nothing new and unfortunately neither is working from home. Currently at least one in three or 35% of adults are working exclusively from home, which when coupled with poor cyber security practices is a recipe for disaster. According to a survey, 1 in 5 respondents had received no training for handling company data, GDPR or cyber security.
Cyber security threats are constantly changing and evolving and it is increasingly difficult for companies to continuously update their policies and procedures. The first line of cyber defence for a company is the security awareness and behavior of their staff.
The threat landscape whilst working from home has changed, and the risks are real.
Whether threat actors are exploiting vulnerabilities due to insufficient cyber security measures or their deployment throughout the company down to the individual level, risks are being realised. Organisations must embrace the combination of technical controls with an improvement in employee security behaviour.
To assist with embedding a cyber security-centric culture Gemserv have put together an ‘online toolbox’ with five key tips to help you stay safe online in 2021 and beyond.”
Sunday Yokubaitis – CEO of Golden Frog
“Most devices we use are wi-fi-enabled one way or another. While these features make it convenient to connect, they can also lead to security risks. There are a few things you can do to improve your safety online:
1. Think first, then connect. Never blindly connect to a free or public wi-fi network. These networks are often unsecured and leave you at risk of revealing personal details or data.
2. Change your settings. When you sign up for a new service or install new software, always look at the privacy controls. Services often opt you into invasive practices like data collection automatically, so it’s important to adjust the settings.
3. Get a VPN. The best thing you can do to protect yourself online is to get a VPN. A VPN encrypts your internet connection to secure it, and allows you to mask your true IP address and geo-location. Using a VPN protects you from snoops or hackers attempting to access your personal information. It also keeps your browsing activity private so third parties like your internet service provider and advertisers can’t track you and collect information about you.”
Jason Meller – CEO and Founder at Kolide
“It is easy for both employees and employers to minimize the need to re-evaluate their security posture post-COVID-19. Before the pandemic, many organizations were already used to a portion of their employees working remotely. Tools like Slack and Zoom were the norm and the security implications of these changes were already considered thoroughly, so they may wonder, “Why does anything need to change?”
This, however, is flawed thinking. When evaluating risk, you not only want to consider all possible scenarios and their impact on the organization, but also their likelihood of occurrence. Post pandemic, the majority of knowledge workers are now doing their jobs from home. In fact, attackers can count on it. Knowing this, we can predict the likelihood of certain attacks occurring and subsequently succeeding will be significantly higher. This changes everything.
For instance, many organizations are seeing a marked increase in successful phishing attacks (attacks in which a stranger tricks an employee into revealing private information, usually via email). Attackers know that employees are receiving all sorts of unprecedented emails asking them to do new things.
They can easily take advantage of the lack of normalcy to succeed in their mission. Where simple phishing security training would have been sufficient before, organizations may now want to consider moving all important communications to collaboration tools like Slack or Teams, where outsiders cannot easily send messages and the authenticity of the messages is not in doubt.
Another previously low probability risk to reconsider is the ease with which an employee can reach for their own personal devices. Doubling down on device management software which is responsible for locking down laptops (often to an onerous degree) might actually increase the likelihood of an employee becoming frustrated and switching to an insecure personal device to do the majority of their work. To address this, employers should invest in zero-trust programs that only allow devices to access sensitive data and resources if their devices (including personal devices) meet a minimum security and monitoring standard.
Finally, security teams should recognize that they are not going to anticipate everything and need the rest of the company’s help to identify risks they may be oblivious to. To regain that visibility, they should consider extending their bug bounty program, where they reward third parties for responsibly reporting security vulnerabilities to the company, to internal staff to incentivize reporting of critical issues and allow them to establish positive relationships built on honesty and collaboration.”
Caleb Chen – Marketing Specialist at Private Internet Access
“Staying safe online requires a multifaceted approach that involves some basic tenets that can never be forgotten, as well as additional measures that can be used to augment privacy and security when needed.
Let’s start with the basic tenets:
Make sure the software that you’re using is up to date. That means everything from your browser to your operating system to your VPN client. New vulnerabilities are being found and patched every day so make sure to capitalize on this low hanging fruit.
Thanks to the prevalence of scams, it’s now necessary to be aware of what phishing is and looks like. That means you should always think twice about opening emails from suspicious sources and think many more times before downloading an attachment or clicking a link.
Let’s get into some additional measures that can be taken to augment your privacy and security online:
In short: Encryption is your friend.
A VPN service like Private Internet Access is a great way to stay safe online because it adds encryption to all of your internet traffic which helps protect you from man in the middle attacks whether you’re on public WiFi or a home network.
Keeping backups of crucial information can also be helpful in the worst case scenario event of a ransomware attack.”
Chris Hickman – Chief Security Officer at Keyfactor
“Online users have to have a level of trust in the websites they visit, but not all websites are created equal, and at the end of the day, users have a responsibility for their own online safety. At a very basic level, navigating the online world is like navigating a city. Usually, you keep your guard up and stay alert for unsafe situations. It’s the same in the online world. As you visit different websites you need to keep your guard up and constantly look for indicators that signal potentially unsafe or compromised situations.
SSL certificates have been used for years as a digital tool to allow secure web connections between a web server and a web browser. They are a baseline tool to verify a business’ digital trust. The padlock icon that appears in the address bar is an easy way for visitors to gauge whether the site they’re visiting is ‘trusted’.
Behind the scenes are certificate authorities (the certificate authorities issue and reject the certificates). Big browsers like Google and Firefox choose which of these certificates to trust based on the certificate authority and the standards it meets and maintains. The standards are overseen by the CA/Browser Forum and the certificates have a limited lifespan, which is set by the CA/Browser Forum. That lifespan is currently just over one year. When the certificate expires, it must be renewed.
As a business, you need to have protection (like that offered by certificates) in place and keep them up to date. As a consumer, you can think of the padlock icon as the first indicator of trust. If the website you’re visiting doesn’t have one, know that the site is not secure. Avoid making transactions or surrendering your personal information on these sites.”
Chris Hauk – Consumer Privacy Champion at Pixel Privacy
“There are several steps that can be taken by the average user to stay safe online. Most of them require only a small bit of common sense, and most are free.
First of all, be smart about the information you share about yourself and your family. Keep to a minimum any posts that include personal information, such as phone numbers, addresses, birth dates, and other sensitive information.
When I was a child, the worst that my mom could do was share my baby pictures with a new girlfriend. Parents today share baby photos, birth information, school locations, and more about their kids. This is dangerous in a number of ways. It not only endangers the youngsters in today’s world, but also leaves a digital footprint that could put the child at risk years down the line.
Also, parents need to educate their offspring on the dangers of sharing too much information online. We have a whole generation of young adults that have grown up with the internet. The generation in question has become too comfortable with sharing their public information (including their location, financial information, and more) to gain access to “free” services on the internet.
As for protecting yourself against online perils such as viruses and malware, I strongly suggest users always use antivirus and anti-malware protection. These apps can not only scan your hard drive for viruses and malware, they can also proactively protect you by warning you when you visit dangerous sites.
The user is the weakest link in online protection. As the old joke goes, “If you break your arm in 4 places, stay out of those places!” That goes double for the internet. Refrain from clicking links and opening attachments in emails and text messages. Also, take care when clicking links provided in public forums and social networking sites like Facebook and Reddit.
Another step to take to protect online privacy is to use a Virtual Private Network (VPN) to encrypt your internet connection. This protects your online activities from prying eyes. This is especially important when using unprotected public WiFi hotspots.
Protect your accounts using two-factor authentication whenever it is available. Also, take advantage of password managers to store all of your passwords in an encrypted database. Password managers also are able to generate secure passwords on the fly, allowing you to avoid using the same password across multiple websites.”
Lewis Jones – Cyber Threat Intelligence Analyst at Sy4 Security
“To stay safe online, ensure you use strong, unique passwords for each site you visit. A safe and reliable password manager such as KeePass can be utilised to ensure you can keep track of each unique password, as well as using two-factor authentication.
It is also important to be mindful about what you post online. With people increasingly living their lives online, particularly via social media, it is good to pause and think ‘do I need to post this’, ‘who can view this information?’ & ‘who could use this information against me’ before you post. Social media is a treasure trove for attackers looking to retrieve potential answers to security questions or password hints.
To protect yourself from attackers, never use the web without protection in place. Whilst Anti-Virus/Malware detection tools can be viewed as an extra expense, it is critical that you have some form of defence mechanism in place. Once you have protection in place, it is vital that this is kept up to date.
Secondly, avoid using unsecured public Wi-Fi networks unless you absolutely must. If you do use one, avoid logging into any of your online accounts or any application which stores personal or financial information. Hackers are well versed in setting up fake Wi-Fi hotspots to lure innocent web surfers in.
Finally, only install trusted applications. Attackers often create legitimate looking applications which install malware onto your device, so be sure to download applications from trusted sources.
Be sceptical about links and attachments, particularly if it is something you are not expecting. One way to tell if a link is safe is to mouse over it. This will show a preview of the full link in your web browser’s status bar. Check to make sure the preview link matches the site it should be from; you can verify the correct site link by researching the company’s name. Users can also utilise a link checker. Link checkers are free online tools that can analyse any link’s security issues. When entering sensitive information such as passwords into a website, ensure the address at the top of your web browser starts with https:// and not http://. The ‘S’ stands for secure, and it means the site is encrypting your data, however HTTPS is not always foolproof. Also check for a padlock symbol next to the site address.”
Paul Bischoff – Privacy Advocate at Comparitech
“There are many aspects of digital privacy and cybersecurity for individuals to consider, but here are a few simple steps that most people can take in just a couple minutes:
- Use an anti-tracking app (on mobile) or web browser extension (on desktop) to prevent being tracked across the web, such as uBlock Origin or Privacy Badger.
- Use a VPN to mask your IP address and hide online activity from your internet service provider.
- Turn on your antivirus and firewall.
- Never click on links or attachments in unsolicited emails and messages.
- Use two-factor authentication and single sign-on whenever possible.
- Use a masked or tokenized credit card for online payments.
- Take time to adjust your privacy settings on social media.
- Keep your software and operating system up to date.
- Always check URLs for HTTPS and spelling errors.”
Javvad Malik – Security Awareness Advocate at KnowBe4
“Top three tips to stay safe when online:
- Don’t fall for social engineering scams: Most successful attacks are as a result of some kind of trick or scam. You may receive emails or chat messages which offer you a deal, or tell you how your account has been suspended in the attempt to get you to click on a link and submit details or download a malicious file. Remember, if anything evokes an emotional response and seeks to get you to act immediately, stop.
- Keep software up to date: Keep all your computers, devices, and software up to date with the latest versions and patches. That alone can save your devices from being compromised.
- Use unique passwords: Passwords are part of daily life, and there are many rules around how long and complex they should be. Perhaps the most overlooked rule though is to have unique passwords for each site. Many people reuse the same password across many sites, but the danger is that if a criminal gets hold of your password, they will try that password against every other site they can think of and cause untold damage.
So make criminals’ lives harder and stay safe online by using unique passwords, keeping devices up to date, and remaining vigilant of social engineering scams.”
Jordan Dunne – Cybersecurity Consultant at Edgescan
“With each passing day, online technology becomes an increasingly important aspect of everyday life. The need for ordering online and contacting each other is becoming more prevalent, and with this, online users should take precautions and ensure that they are knowledgeable of the potential dangers they may face.
To stay safe online, people can educate themselves about online threats and be conscious of them. As there are an increasing number of phishing attempts and credential leaks, there is also an increase in users alerting one another of potential scams and best practices. Being aware of trends used to target users will help people defend themselves online. Arming oneself with knowledge is one of the best defences when online.
There are multiple ways a person can protect themselves online from various threats.
- Using complex passwords on an individual basis, or better yet, using a password manager will make it less likely that a user’s accounts will be compromised.
- Using Multi Factor Authentication (MFA) will also assist with this as an attacker will usually need multiple points to access a user’s account (Usually an email address or mobile device).
- Using a firewall will assist with avoiding unauthorised access to a user’s devices.
- Using a Virtual Private Network (VPN) will protect the user connecting to the internet by providing a secure connection and help protect against an attacker who may intercept the user’s information when they are using insecure connections such as shopping online using public Wifi.
- Ensuring that your software is kept updated with the latest security patches will help protect against exploits that a user may not even be aware exists.
Avoid clicking on anything that you are uncertain of. Do not enter your personal details anywhere that you do not trust. If something seems suspicious via an email or message, contact the organisation/individual directly through alternative means other than that with which they have contacted you. For example, if you receive an email from a bank that seems suspicious and you are uncertain, call the bank directly and verify the validity of the email. You can usually tell if an email seems suspicious by checking the sender, the contents of the message and looking for poor grammar or spelling.”
Mark Ruchie – CISO at Entrust
“In a recent consumer study, we uncovered some concerning behaviours in regards to personal data usage and emerging trends in sources of cybersecurity information. As a greater portion of our lives moves into the digital world and we spend more time online than ever before, it has never been more important to protect ourselves and our families from digital threats. For Safer Internet Day, I am sharing advice on how to protect ourselves and our families online.
Despite growing concern, many consumers are not taking the necessary steps to protect personal information, 47% of consumers don’t even read the T&Cs before downloading a new app or signing up for a new service. It is important to understand that protecting personal data is a continuous process and requires regular efforts to keep families safe. Passwords must be changed regularly with each password being unique for each platform by making use of password managers or encryption services.
A lack of digital literacy could cause difficulties in understanding data privacy or threats to personal cyber security that could endanger you or your family. Keeping up to date on terminology, new threats and digital best practices can be done by regularly using trusted sources such as the National Cyber Security Centre (NCSC) or Internet Matters.
Trusted expert advice and information is available but our own data suggests that 60% of UK consumers rely on movies, TV programmes and video streaming as a primary source of information. This growing trend raises new concerns around the reliability of these sources in the era of docu-dramas and fake news. So, before accepting the information in an article or documentary it is important to evaluate the reliability of a source and consider why a particular piece of content was produced. We can also use expert advice online to fact check anything on television as there is a strong online community of IT professionals, security experts and industry leaders that produce content, often for free, that can be a valuable tool in cyber security education.
Finally, with a majority of smart devices requiring biometric authentication and a growing number of apps using personal data to offer personalised services, children in the digital age are exchanging personal information at an unprecedented rate. We must understand and help educate others that all content shared online – photos, opinions, personal details – is permanent and public, as well as using parental control tools to enforce usage limits, monitor internet activity, manage contacts and messaging apps.”
Rita Nygren – Business System Administrator, BI and Project Management at Tripwire
“Youngsters have different security and computing needs at a variety of developmental ages. If your child is very young, you should have all computers, tablets and phones set to a time out with a password screen lock. This will reduce the chance of the child being on the computer without you knowing. Make sure any computer that the child is going to interact with has good anti-malware protection, firewalls and software patches, all of which will help to mitigate potential misclicks. Along those same lines, set up those devices to have an admin account separate from the day-to-day user on it. And consider using parental controls to limit what sites they can reach when they are young. Think about what age or developmental step will prompt you to loosen these as your child gets older.
As they do start exploring, browse with them and – key for later in their development – create a relationship where if they do end up doing something that, upon reflection, they think was risky, they will tell you about it. They should also learn to interpret pop ups with you, and if something says they must update their computer now, they should check in with a parent for help. Upon getting their own access to forums or email, they should be able to demonstrate knowing “real” mail from spam from phishing attempts and have a good grasp of what information they should not share on the internet. Many password managers or vaults offer family plans, so you can set up an account for your child. This is useful, as it will help your child create and store long, unique passwords for their accounts without having to remember all of them – all while keeping this information separate from your account with the password manager.”
Andy Renshaw – VP, payment solutions and strategy at Feedzai
“In the context of Safer Internet Day, which happens to fall less than a week away from Valentine’s Day, users are reminded to be on the lookout for a type of fraud that found a particularly fertile ground on the internet: the romance scam. Romance scams (sometimes known as “catfishing”) happen both in-person and online. In the case of online romance scams, a fraudster connects with a victim by creating a fake dating profile or social media account and pretends to want a romantic relationship. They message their target stories to build their trust.
Eventually, the scammer tries to exploit this trust and encourages the victim to move their exchange off the dating website. Next, they pressure or manipulate the victim into sending them money. They might claim that they would like to meet in person but do not have enough money to travel, or that they are based overseas for business, or are in the military, or that they just had an emergency and can’t afford a plane ticket.
Romance scams are among the fastest-growing scams because fraudsters are able to prey on people’s emotions. There are numerous consumer-facing resources available that are aimed at raising awareness of these scams and helping customers determine if they are being manipulated or not. But while awareness remains paramount, banks and financial institutions can also help. By implementing fraud prevention and anti money laundering tools, banks can now rely on machine learning to step in and flag any suspicious activity. Where in the past a human would have had to sift through an unrealistic amount of transaction data, now an algorithm is able to recognise that a certain transaction might be prompted by a romance scam and can avoid victims losing their money to cybercriminals.”
Tim Helming – Security evangelist at DomainTools
“Safer Internet Day is a good time to remind users of the essential cybersecurity precautions to take when receiving emails and text messages. We can expect that, in the months preceding the end of the UK tax year, cybercriminals will ramp up their HMRC phishing scam efforts. The pandemic has placed everyone out of their comfort zone, and a struggling business desperate for relief may be more inclined to click on a HMRC-focused link. The advice however remains the same as when we last spotted coordinated HMRC scams: If you receive an unsolicited email from HMRC, always make contact via an official channel which can be verified in order to establish the legitimacy of an email, avoid clicking on unsolicited links at all costs, and do not provide any personal or financial information until the communication has been verified. It’s always better to be safe than sorry.”
Trevor Morgan – Product Manager at comforte AG
“Safer Internet Day shines a bright light on the individual’s right to safe and productive usage of Internet resources. For corporations, though, it’s a great time to reflect on the individual experience of each and every customer. People need many of the services they interact with on the Internet for health and financial reasons, just to name a few, and a large part of those services consists of sharing sensitive PII in order to transact.
Corporations have an obligation to be the trusty caretakers of this data, motivated by corporate ethics, regulatory statutes and industry standards, and the desire to cultivate positive brand reputation in the market. Businesses need to be reassessing their data security posture on a very regular basis, considering whether they are truly protecting individuals’ sensitive data with the most advanced data-centric methods, such as tokenization or format-preserving encryption. If they are unfamiliar with these concepts, Safer Internet Day is a great time to explore!”
Stephen Burke – CEO of Cyber Risk Aware
“Cyber criminals have continued to develop increasingly more sophisticated traps to gain access to personal information with the malicious intent of stealing money or important data. With cyber crime reaching an all-time high, knowing how to be safer online has never been more important. Following these simple cyber security tips can help keep you protected:
- Create strong, unique passwords and implement two-factor authentication.
- Use caution when using wi-fi in public spaces, these connections can be insecure and can leave your information and devices vulnerable to attack.
- Maintain your privacy online by limiting the personal information you share on social media.
- Remember that phones aren’t immune to cyber security threats!
- If an email or text seems suspicious or urgent and asks you to follow a link, do not click anything or enter any personal information. Instead, directly check with the source to assess the legitimacy of the email.
Internet safety is a huge concern for both individuals and businesses alike. According to a 2020 study from CSO, data breaches cost companies an average of $3.92 million USD.
With human error being responsible for over 90% of data breaches, it’s important for businesses to educate their staff on how to recognise a potential threat as well as what to do should they receive one. Raising staff awareness through cyber security awareness training and education is the key component to ensuring individuals are protecting both themselves as well as valuable company data, effectively.
To combat the rise in security threats such as these, Cyber Risk Aware has developed engaging real-time intervention and security awareness training courses, giving employees better comprehension of what to look for when working online for a safer, digitally connected workforce.”
Chris Hazelton – Director of Security Solutions at Lookout
“As more of your personal information becomes available online, it’s even more important to view any messages and information that is sent to you with some suspicion. Breaches of personal data allow attackers to use your information against you, allowing malicious actors to create compelling reasons for you to act in a way that benefits them. In order to stay safe you must only share or enter information in websites you have visited directly or been given by a reputable search engine. Furthermore, you must only ever use mobile apps that you have downloaded from major app stores.
How can you protect yourself from attackers?
- Create layers of defence for your sensitive information.
- Lock your credit bureaus to prevent new financial accounts from being opened without your permission.
- Limit the number of breaches that include your financial information by limiting the online merchants that store your credit card accounts.
- Use secure password managers to meter out your banking information to merchants only when you make a purchase.
- Use complex unique passwords for each online financial service you use. And any online service that has your banking information should have its own password.
- Regardless of endpoint, install security software on all your devices, including smartphones.
- Despite what manufacturers say, the rising complexity of operating systems is creating security vulnerabilities that can be exploited in cybersecurity attacks.
How can you know what to click on / what to not click on to avoid getting scammed?
- Do not click on links or attachments in any communication medium unless you are sure of the sender’s identity.
- If you can, engage senders across multiple channels. If they email you an attachment or link unexpectedly, send them a text or WhatsApp message before clicking links or opening attachments.
- If someone starts to communicate with you in a way that is new to them, such as sending you an email when they have only sent you texts, treat this new communication with caution.
- Install phishing protection on your smartphone that can automatically stop you from accessing known phishing sites from any app on your device.”